Multicast DTLS

1. Update API
2. Update unit test
3. Partially implemented wolfSSL_set_secret().

src/ssl.c

@@ -844,46 +844,75 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
 #endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
 
 
-#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST)
+#if defined(WOLFSSL_MULTICAST)
 
-int wolfSSL_dtls_mcast_set_member_id(WOLFSSL* ssl, byte id)
+int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX* ctx, byte id)
 {
-    int ret = SSL_SUCCESS;
+    int ret = 0;
 
-    (void)ssl;
+    WOLFSSL_ENTER("wolfSSL_CTX_mcast_set_member_id()");
-    (void)id;
 
-    WOLFSSL_ENTER("wolfSSL_dtls_mcast_set_member_id()");
+    if (ctx == NULL)
-    WOLFSSL_LEAVE("wolfSSL_dtls_mcast_set_member_id()", ret);
+        ret = BAD_FUNC_ARG;
+
+    if (ret == 0) {
+        /* check if side == MASTER. only work for client */
+        ctx->haveEMS = 0;
+        ctx->mcastID = id;
+    }
+
+    if (ret == 0)
+        ret = SSL_SUCCESS;
+    WOLFSSL_LEAVE("wolfSSL_CTX_mcast_set_member_id()", ret);
     return ret;
 }
 
 
-int wolfSSL_dtls_mcast_set_secret(WOLFSSL* ssl, unsigned short epoch,
+int wolfSSL_set_secret(WOLFSSL* ssl, unsigned short epoch,
-                                  const byte* preMasterSecret,
+                       const byte* preMasterSecret, word32 preMasterSz,
-                                  word32 preMasterSz,
+                       const byte* clientRandom, const byte* serverRandom,
-                                  const byte* clientRandom,
+                       const byte* suite)
-                                  const byte* serverRandom,
-                                  const byte* suite)
 {
-    int ret = SSL_SUCCESS;
+    int ret = 0;
 
-    (void)ssl;
     (void)epoch;
-    (void)preMasterSecret;
-    (void)preMasterSz;
-    (void)clientRandom;
-    (void)serverRandom;
-    (void)suite;
 
-    WOLFSSL_ENTER("wolfSSL_dtls_mcast_set_secret()");
+    WOLFSSL_ENTER("wolfSSL_set_secret()");
-    WOLFSSL_LEAVE("wolfSSL_dtls_mcast_set_secret()", ret);
+
+    if (ssl == NULL || preMasterSecret == NULL || preMasterSz == 0 ||
+        preMasterSz > sizeof(ssl->arrays->preMasterSecret) ||
+        clientRandom == NULL || serverRandom == NULL || suite == NULL) {
+
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        XMEMCPY(ssl->arrays->preMasterSecret, preMasterSecret, preMasterSz);
+        ssl->arrays->preMasterSz = preMasterSz;
+        XMEMCPY(ssl->arrays->clientRandom, clientRandom, RAN_LEN);
+        XMEMCPY(ssl->arrays->serverRandom, serverRandom, RAN_LEN);
+        ssl->options.cipherSuite0 = suite[0];
+        ssl->options.cipherSuite = suite[1];
+
+        ret = SetCipherSpecs(ssl);
+    }
+
+    if (ret == 0)
+        ret = MakeTlsMasterSecret(ssl);
+
+    if (ret == 0)
+        ret = SSL_SUCCESS;
+    else {
+        if (ssl)
+            ssl->error = ret;
+        ret = SSL_FATAL_ERROR;
+    }
+    WOLFSSL_LEAVE("wolfSSL_set_secret()", ret);
     return ret;
 }
 
 
-int wolfSSL_dtls_mcast_read(WOLFSSL* ssl, unsigned char* id,
+int wolfSSL_mcast_read(WOLFSSL* ssl, unsigned char* id, void* data, int sz)
-                            void* data, int sz)
 {
     int ret = 0;
 
@@ -891,14 +920,14 @@ int wolfSSL_dtls_mcast_read(WOLFSSL* ssl, unsigned char* id,
     (void)data;
     (void)sz;
 
-    WOLFSSL_ENTER("wolfSSL_dtls_mcast_read()");
+    WOLFSSL_ENTER("wolfSSL_mcast_read()");
-    if (id != NULL)
+    if (ssl->options.dtls && id != NULL)
         *id = 0;
-    WOLFSSL_LEAVE("wolfSSL_dtls_mcast_read()", ret);
+    WOLFSSL_LEAVE("wolfSSL_mcast_read()", ret);
     return ret;
 }
 
-#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST */
+#endif /* WOLFSSL_MULTICAST */
 
 
 #endif /* WOLFSSL_LEANPSK */

tests/api.c

@@ -2345,9 +2345,9 @@ static int test_wolfSSL_UseOCSPStaplingV2 (void)
 } /*END test_wolfSSL_UseOCSPStaplingV2*/
 
 /*----------------------------------------------------------------------------*
- | DTLS Multicast Tests
+ | Multicast Tests
  *----------------------------------------------------------------------------*/
-static void test_wolfSSL_dtls_mcast(void)
+static void test_wolfSSL_mcast(void)
 {
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST)
     WOLFSSL_CTX* ctx;
@@ -2362,21 +2362,22 @@ static void test_wolfSSL_dtls_mcast(void)
 
     ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
     AssertNotNull(ctx);
+
+    result = wolfSSL_CTX_mcast_set_member_id(ctx, 0);
+    AssertIntEQ(result, SSL_SUCCESS);
+
     ssl = wolfSSL_new(ctx);
     AssertNotNull(ssl);
 
-    result = wolfSSL_dtls_mcast_set_member_id(ssl, 0);
-    AssertIntEQ(result, SSL_SUCCESS);
-
     XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
     XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
     XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
-    result = wolfSSL_dtls_mcast_set_secret(ssl, 23,
+    result = wolfSSL_set_secret(ssl, 23,
-            preMasterSecret, sizeof(preMasterSecret),
+                preMasterSecret, sizeof(preMasterSecret),
-            clientRandom, serverRandom, suite);
+                clientRandom, serverRandom, suite);
     AssertIntEQ(result, SSL_SUCCESS);
 
-    result = wolfSSL_dtls_mcast_read(ssl, &newId, buf, sizeof(buf));
+    result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf));
     AssertIntLE(result, 0);
     AssertIntLE(newId, 100);
 
@@ -9717,8 +9718,8 @@ void ApiTest(void)
     AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS);
     AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS);
 
-    /* DTLS-MULTICAST */
+    /* Multicast */
-    test_wolfSSL_dtls_mcast();
+    test_wolfSSL_mcast();
 
     /* compatibility tests */
     test_wolfSSL_DES();

wolfssl/internal.h

@@ -1035,7 +1035,7 @@ enum Misc {
     DTLS_EXPORT_LEN          = 2,  /* 2 bytes for length and protocol */
     DTLS_EXPORT_IP           = 46, /* max ip size IPv4 mapped IPv6 */
     MAX_EXPORT_BUFFER        = 514, /* max size of buffer for exporting */
-    DTLS_MCAST_ID_MAX        = 100, /* max allowed multicast group ID */
+    MULTICAST_SZ             = 100, /* max allowed multicast group peers */
     FINISHED_LABEL_SZ   = 15,  /* TLS finished label size */
     TLS_FINISHED_SZ     = 12,  /* TLS has a shorter size  */
     EXT_MASTER_LABEL_SZ = 22,  /* TLS extended master secret label sz */
@@ -2240,6 +2240,9 @@ struct WOLFSSL_CTX {
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     byte        postHandshakeAuth:1;  /* Post-handshake auth supported. */
 #endif
+#ifdef WOLFSSL_MULTICAST
+    byte        mcastID;          /* multicast group ID */
+#endif
 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
     byte        dtlsSctp;         /* DTLS-over-SCTP mode */
     word16      dtlsMtuSz;        /* DTLS MTU size */

wolfssl/ssl.h

@@ -509,12 +509,12 @@ WOLFSSL_API int  wolfSSL_dtls_set_sctp(WOLFSSL*);
 WOLFSSL_API int  wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
 WOLFSSL_API int  wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);
 
-WOLFSSL_API int  wolfSSL_dtls_mcast_set_member_id(WOLFSSL*, unsigned char);
+WOLFSSL_API int  wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX*, unsigned char);
-WOLFSSL_API int  wolfSSL_dtls_mcast_set_secret(WOLFSSL*, unsigned short,
+WOLFSSL_API int  wolfSSL_set_secret(WOLFSSL*, unsigned short,
                      const unsigned char*, unsigned int,
                      const unsigned char*, const unsigned char*,
                      const unsigned char*);
-WOLFSSL_API int  wolfSSL_dtls_mcast_read(WOLFSSL*, unsigned char*, void*, int);
+WOLFSSL_API int  wolfSSL_mcast_read(WOLFSSL*, unsigned char*, void*, int);
 
 WOLFSSL_API int   wolfSSL_ERR_GET_REASON(unsigned long err);
 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);